Create Active Directory Forest

These commands will create a forest and show how to populate it with users and groups.

The first cmdlet installs the AD Domain Services role and its management tools, the first step in establishing the server as a domain controller.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools


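Next, set up and configure the AD forest.

# Domain name matches the DC=powershell,DC=engineering,DC=com DNs used later in this post
Install-ADDSForest -DomainName "powershell.engineering.com"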


You can now begin using AD functions like creating users.

New-ADUser -SamAccountName User1 -AccountPassword (Read-Host "Set user password" -AsSecureString) -Name "User1" -Enabled $true -ChangePasswordAtLogon $true

This simple cmdlet will create a user named “User1” and ask for a password. The user will then be prompted to change their password when they log in for the first time. In a previous post I cover other methods to add users.


Next, we can run a cmdlet that will establish group membership for the new user.

Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=powershell,DC=engineering,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=powershell,DC=engineering,DC=com"


Lastly, we can run the Get-ADPrincipalGroupMembership cmdlet to confirm that the membership was granted.

Get-ADPrincipalGroupMembership User1


Useful parameters:






Add Users in Active Directory

There are many ways to add users in AD with PowerShell. You can add them with a one-liner like:

New-ADUser -Name "User1"

Or you can use a script to import and add many users all at once.
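
One way such an import script could look, as an added example that is not code from the original post. The CSV column names, the sample rows and the New-InitialPassword helper are assumptions made for illustration; it gives each account its own random initial password and forces a change at first logon.

```powershell
# Added example: bulk-create users from CSV data. Assumes the ActiveDirectory
# module is installed and the forest from this post already exists.
Import-Module ActiveDirectory

# Constructed sample input; in practice use: $rows = Import-Csv .\users.csv
$rows = @"
SamAccountName,GivenName,Surname
User2,Ada,Example
User3,Ben,Example
"@ | ConvertFrom-Csv

function New-InitialPassword {
    # Hypothetical helper: 18 random bytes -> 24 base64 characters. The fixed
    # suffix guarantees upper, lower, digit and symbol classes are all present.
    $bytes = New-Object byte[] 18
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return [Convert]::ToBase64String($bytes) + 'aZ9!'
}

$results = foreach ($row in $rows) {
    $sam = $row.SamAccountName
    # Reject names that could break the -Filter string or exceed the 20-character limit.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping invalid account name '$sam'"
        continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping $sam, account already exists"
        continue
    }
    $plain = New-InitialPassword
    $params = @{
        SamAccountName        = $sam
        Name                  = "$($row.GivenName) $($row.Surname)"
        GivenName             = $row.GivenName
        Surname               = $row.Surname
        AccountPassword       = ConvertTo-SecureString $plain -AsPlainText -Force
        Enabled               = $true
        ChangePasswordAtLogon = $true
    }
    try {
        New-ADUser @params -ErrorAction Stop
        # Emit the one-time password so it can be handed over out of band.
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
    } catch {
        Write-Warning "Failed to create ${sam}: $($_.Exception.Message)"
    }
}
$results | Format-Table -AutoSize
```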